Legally compliant business processes are an organizational challenge for management. Any illegal conduct by an individual employee may be attributable to an organizational fault on the part of the company management. A commitment by the management and the employees to abide by the law is a self-evident part of any code of good and responsible corporate governance.
Compliance as a value-building factor and liability risk
The particular value of a company is based on the fact that it adds value and is able to convert costs into earnings and profits in the long term. However, a company whose profitability is built on business processes that are legally non-compliant harbors a blatant value-destroying deficiency. After all, unlike in piracy or organized crime, breaches of the law are not part of the typical entrepreneurial activity profile. Entrepreneurial freedom demands respect for the law at all times.
Compliance risks can have a long-lasting negative impact on a company’s profitability and value. They can lead not only to operating losses, but also to reputational damage and costly legal disputes or even the criminal prosecution of employees and members of the management.
Compliance organization – duty of care and broad discretion
The planning, implementation and oversight of an appropriate compliance organization is one of the cardinal duties of management. This includes the obligation to diligently identify the company-specific compliance risks along the value chain.
The specific structure of the compliance system, as an entrepreneurial decision within the meaning of § 93 subsection 1 sentence 2 of AktG [German Stock Corporation Act], is at the discretion of the management. Based on an appropriately compiled information base (risk inventory), the management must decide what suitable, necessary and reasonable measures are in the best interests of the company (Business Judgment Rule).
Therefore, the compliance organization must be structured with a view to its purpose and in consideration of the specific and particular risks of the company as well as its distinct strengths and weaknesses. Also, it must be examined whether the compliance organization is sufficiently suitable, necessary and reasonable with regard to the duties of care associated with a compliance organization.
It is also at the discretion of the management to decide whether and to what extent the management itself exercises responsibility for compliance or delegates it to corporate functions (e.g. legal department, risk management or internal audit department), to a compliance officer or to outside agencies (e.g. lawyers, auditors).
How KSB INTAX can contribute to effective compliance
We offer advice on the planning and implementation of an appropriate compliance organization and on the integration of legal requirements into the business processes, from risk inventory to communication and training to regular reporting and auditing in order to guarantee the effectiveness of the compliance organization. In addition, we investigate breaches of compliance and follow them up in consultation with the management. In the case of serious breaches of compliance, we develop damage limitation strategies as well as solutions for a return to legality.